author | chegar |
Thu, 17 Oct 2019 20:54:25 +0100 | |
branch | datagramsocketimpl-branch |
changeset 58679 | 9c3209ff7550 |
parent 58678 | 9cf78a70fa4f |
parent 57487 | 643978a35f6e |
permissions | -rw-r--r-- |
55258
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
1 |
/* |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
2 |
* Copyright (c) 2019, Red Hat, Inc. |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
4 |
* |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. Oracle designates this |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
8 |
* particular file as subject to the "Classpath" exception as provided |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
9 |
* by Oracle in the LICENSE file that accompanied this code. |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
10 |
* |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
15 |
* accompanied this code). |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
16 |
* |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
17 |
* You should have received a copy of the GNU General Public License version |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
20 |
* |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
22 |
* or visit www.oracle.com if you need additional information or have any |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
23 |
* questions. |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
24 |
*/ |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
25 |
|
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
26 |
package sun.security.krb5.internal; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
27 |
|
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
28 |
import java.util.Date; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
29 |
import java.util.HashMap; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
30 |
import java.util.LinkedList; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
31 |
import java.util.List; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
32 |
import java.util.Map; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
33 |
import java.util.Map.Entry; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
34 |
|
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
35 |
import sun.security.krb5.Credentials; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
36 |
import sun.security.krb5.PrincipalName; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
37 |
|
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
38 |
/* |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
39 |
* ReferralsCache class implements a cache scheme for referral TGTs as |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
40 |
* described in RFC 6806 - 10. Caching Information. The goal is to optimize |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
41 |
* resources (such as network traffic) when a client requests credentials for a |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
42 |
* service principal to a given KDC. If a referral TGT was previously received, |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
43 |
* cached information is used instead of issuing a new query. Once a referral |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
44 |
* TGT expires, the corresponding referral entry in the cache is removed. |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
45 |
*/ |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
46 |
final class ReferralsCache { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
47 |
|
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
48 |
private static Map<ReferralCacheKey, Map<String, ReferralCacheEntry>> |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
49 |
referralsMap = new HashMap<>(); |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
50 |
|
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
51 |
static private final class ReferralCacheKey { |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
52 |
private PrincipalName cname; |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
53 |
private PrincipalName sname; |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
54 |
ReferralCacheKey (PrincipalName cname, PrincipalName sname) { |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
55 |
this.cname = cname; |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
56 |
this.sname = sname; |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
57 |
} |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
58 |
public boolean equals(Object other) { |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
59 |
if (!(other instanceof ReferralCacheKey)) |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
60 |
return false; |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
61 |
ReferralCacheKey that = (ReferralCacheKey)other; |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
62 |
return cname.equals(that.cname) && |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
63 |
sname.equals(that.sname); |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
64 |
} |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
65 |
public int hashCode() { |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
66 |
return cname.hashCode() + sname.hashCode(); |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
67 |
} |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
68 |
} |
55258
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
69 |
|
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
70 |
static final class ReferralCacheEntry { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
71 |
private final Credentials creds; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
72 |
private final String toRealm; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
73 |
ReferralCacheEntry(Credentials creds, String toRealm) { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
74 |
this.creds = creds; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
75 |
this.toRealm = toRealm; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
76 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
77 |
Credentials getCreds() { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
78 |
return creds; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
79 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
80 |
String getToRealm() { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
81 |
return toRealm; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
82 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
83 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
84 |
|
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
85 |
/* |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
86 |
* Add a new referral entry to the cache, including: client principal, |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
87 |
* service principal, source KDC realm, destination KDC realm and |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
88 |
* referral TGT. |
55258
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
89 |
* |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
90 |
* If a loop is generated when adding the new referral, the first hop is |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
91 |
* automatically removed. For example, let's assume that adding a |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
92 |
* REALM-3.COM -> REALM-1.COM referral generates the following loop: |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
93 |
* REALM-1.COM -> REALM-2.COM -> REALM-3.COM -> REALM-1.COM. Then, |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
94 |
* REALM-1.COM -> REALM-2.COM referral entry is removed from the cache. |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
95 |
*/ |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
96 |
static synchronized void put(PrincipalName cname, PrincipalName service, |
55258
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
97 |
String fromRealm, String toRealm, Credentials creds) { |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
98 |
ReferralCacheKey k = new ReferralCacheKey(cname, service); |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
99 |
pruneExpired(k); |
55258
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
100 |
if (creds.getEndTime().before(new Date())) { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
101 |
return; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
102 |
} |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
103 |
Map<String, ReferralCacheEntry> entries = referralsMap.get(k); |
55258
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
104 |
if (entries == null) { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
105 |
entries = new HashMap<String, ReferralCacheEntry>(); |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
106 |
referralsMap.put(k, entries); |
55258
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
107 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
108 |
entries.remove(fromRealm); |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
109 |
ReferralCacheEntry newEntry = new ReferralCacheEntry(creds, toRealm); |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
110 |
entries.put(fromRealm, newEntry); |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
111 |
|
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
112 |
// Remove loops within the cache |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
113 |
ReferralCacheEntry current = newEntry; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
114 |
List<ReferralCacheEntry> seen = new LinkedList<>(); |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
115 |
while (current != null) { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
116 |
if (seen.contains(current)) { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
117 |
// Loop found. Remove the first referral to cut the loop. |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
118 |
entries.remove(newEntry.getToRealm()); |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
119 |
break; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
120 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
121 |
seen.add(current); |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
122 |
current = entries.get(current.getToRealm()); |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
123 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
124 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
125 |
|
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
126 |
/* |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
127 |
* Obtain a referral entry from the cache given a client principal, |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
128 |
* service principal and a source KDC realm. |
55258
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
129 |
*/ |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
130 |
static synchronized ReferralCacheEntry get(PrincipalName cname, |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
131 |
PrincipalName service, String fromRealm) { |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
132 |
ReferralCacheKey k = new ReferralCacheKey(cname, service); |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
133 |
pruneExpired(k); |
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
134 |
Map<String, ReferralCacheEntry> entries = referralsMap.get(k); |
55258
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
135 |
if (entries != null) { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
136 |
ReferralCacheEntry toRef = entries.get(fromRealm); |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
137 |
if (toRef != null) { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
138 |
return toRef; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
139 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
140 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
141 |
return null; |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
142 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
143 |
|
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
144 |
/* |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
145 |
* Remove referral entries from the cache when referral TGTs expire. |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
146 |
*/ |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
147 |
private static void pruneExpired(ReferralCacheKey k) { |
55258
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
148 |
Date now = new Date(); |
57487
643978a35f6e
8227437: S4U2proxy cannot continue because server's TGT cannot be found
mbalao
parents:
55258
diff
changeset
|
149 |
Map<String, ReferralCacheEntry> entries = referralsMap.get(k); |
55258
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
150 |
if (entries != null) { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
151 |
for (Entry<String, ReferralCacheEntry> mapEntry : |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
152 |
entries.entrySet()) { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
153 |
if (mapEntry.getValue().getCreds().getEndTime().before(now)) { |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
154 |
entries.remove(mapEntry.getKey()); |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
155 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
156 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
157 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
158 |
} |
d65d3c37232c
8215032: Support Kerberos cross-realm referrals (RFC 6806)
mbalao
parents:
diff
changeset
|
159 |
} |